Cedric Cochin has discovered multiple cross-site scripting vulnerabilities in phpMyAdmin. These vulnerabilities can be exploited through the PmaAbsoluteUri parameter, the zero_rows parameter in read_dump.php, the confirm form, or an error message generated by the internal phpMyAdmin parser.

Impact

By sending a specially-crafted request, an attacker can inject and execute malicious script code, potentially compromising the victim's browser.